src: Fix nftnl_*_get_data() to return the real attribute length

All getters must set the memory size of the attributes, ie. this
includes the nul-termination in strings.

For references to opaque objects hidden behind the curtain, report
a zero size.

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/chain.c b/src/chain.c
index cab64b53571dd1edbb5a5c7c3dd5902fa410148d..4c562fef8feb81ecd22c518eb2232564137f7a58 100644 (file)
--- a/src/chain.c
+++ b/src/chain.c
@@ -272,8 +272,10 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr,
 
        switch(attr) {
        case NFTNL_CHAIN_NAME:
+               *data_len = strlen(c->name) + 1;
                return c->name;
        case NFTNL_CHAIN_TABLE:
+               *data_len = strlen(c->table) + 1;
                return c->table;
        case NFTNL_CHAIN_HOOKNUM:
                *data_len = sizeof(uint32_t);
@@ -303,6 +305,7 @@ const void *nftnl_chain_get_data(const struct nftnl_chain *c, uint16_t attr,
                *data_len = sizeof(uint32_t);
                return c->type;
        case NFTNL_CHAIN_DEV:
+               *data_len = strlen(c->dev) + 1;
                return c->dev;
        }
        return NULL;

diff --git a/src/expr.c b/src/expr.c
index f8027252324268e94b7d26d5de013760cdd97e37..e5c1dd321a2a5c4469e3dd9bc75122998774bedb 100644 (file)
--- a/src/expr.c
+++ b/src/expr.c
@@ -119,6 +119,7 @@ const void *nftnl_expr_get(const struct nftnl_expr *expr,
 
        switch(type) {
        case NFTNL_EXPR_NAME:
+               *data_len = strlen(expr->ops->name) + 1;
                ret = expr->ops->name;
                break;
        default:

diff --git a/src/expr/dynset.c b/src/expr/dynset.c
index 04043597a649abf7d485f8ec7b9cfe3f760a1b94..111bf8cdbbf7f646c657df4d98184cafd636c5c1 100644 (file)
--- a/src/expr/dynset.c
+++ b/src/expr/dynset.c
@@ -88,10 +88,13 @@ nftnl_expr_dynset_get(const struct nftnl_expr *e, uint16_t type,
                *data_len = sizeof(dynset->timeout);
                return &dynset->timeout;
        case NFTNL_EXPR_DYNSET_SET_NAME:
+               *data_len = strlen(dynset->set_name) + 1;
                return dynset->set_name;
        case NFTNL_EXPR_DYNSET_SET_ID:
+               *data_len = sizeof(dynset->set_id);
                return &dynset->set_id;
        case NFTNL_EXPR_DYNSET_EXPR:
+               *data_len = 0;
                return dynset->expr;
        }
        return NULL;

diff --git a/src/expr/lookup.c b/src/expr/lookup.c
index 7f68f74baff26ca89b4d9a56418d69e30e8f1c50..16cfce21d69ceeaa5dd2ec70091119f185b58501 100644 (file)
--- a/src/expr/lookup.c
+++ b/src/expr/lookup.c
@@ -73,10 +73,13 @@ nftnl_expr_lookup_get(const struct nftnl_expr *e, uint16_t type,
                *data_len = sizeof(lookup->dreg);
                return &lookup->dreg;
        case NFTNL_EXPR_LOOKUP_SET:
+               *data_len = strlen(lookup->set_name) + 1;
                return lookup->set_name;
        case NFTNL_EXPR_LOOKUP_SET_ID:
+               *data_len = sizeof(lookup->set_id);
                return &lookup->set_id;
        case NFTNL_EXPR_LOOKUP_FLAGS:
+               *data_len = sizeof(lookup->flags);
                return &lookup->flags;
        }
        return NULL;

diff --git a/src/gen.c b/src/gen.c
index 37a90496bbe8749f56e9d3af7c38f579e15f695e..c69d2f8c0a4f53493b32dc0647096921ba16817e 100644 (file)
--- a/src/gen.c
+++ b/src/gen.c
@@ -100,6 +100,7 @@ const void *nftnl_gen_get_data(const struct nftnl_gen *gen, uint16_t attr,
 
        switch(attr) {
        case NFTNL_GEN_ID:
+               *data_len = sizeof(gen->id);
                return &gen->id;
        }
        return NULL;

diff --git a/src/rule.c b/src/rule.c
index 2b23c8e35530a62d5c1ec60bd31e3d3ebbd46a02..a0edca7f39df7bbb662502e434eb604b8cc36557 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -213,8 +213,10 @@ const void *nftnl_rule_get_data(const struct nftnl_rule *r, uint16_t attr,
                *data_len = sizeof(uint32_t);
                return &r->family;
        case NFTNL_RULE_TABLE:
+               *data_len = strlen(r->table) + 1;
                return r->table;
        case NFTNL_RULE_CHAIN:
+               *data_len = strlen(r->chain) + 1;
                return r->chain;
        case NFTNL_RULE_HANDLE:
                *data_len = sizeof(uint64_t);

diff --git a/src/set.c b/src/set.c
index e48ff7874abf127263d8c181f46b8d7b9fcfb279..8a592db817629c19ba46e7ae00c8bdd034722747 100644 (file)
--- a/src/set.c
+++ b/src/set.c
@@ -215,8 +215,10 @@ const void *nftnl_set_get_data(const struct nftnl_set *s, uint16_t attr,
 
        switch(attr) {
        case NFTNL_SET_TABLE:
+               *data_len = strlen(s->table) + 1;
                return s->table;
        case NFTNL_SET_NAME:
+               *data_len = strlen(s->name) + 1;
                return s->name;
        case NFTNL_SET_FLAGS:
                *data_len = sizeof(uint32_t);

diff --git a/src/set_elem.c b/src/set_elem.c
index 40b5bfe105277b7984296393fa0abd8a6c2b358f..4e89210d363b668288509b014375a2bdca1a151b 100644 (file)
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -160,25 +160,31 @@ const void *nftnl_set_elem_get(struct nftnl_set_elem *s, uint16_t attr, uint32_t
 
        switch(attr) {
        case NFTNL_SET_ELEM_FLAGS:
+               *data_len = sizeof(s->set_elem_flags);
                return &s->set_elem_flags;
        case NFTNL_SET_ELEM_KEY:        /* NFTA_SET_ELEM_KEY */
                *data_len = s->key.len;
                return &s->key.val;
        case NFTNL_SET_ELEM_VERDICT:    /* NFTA_SET_ELEM_DATA */
+               *data_len = sizeof(s->data.verdict);
                return &s->data.verdict;
        case NFTNL_SET_ELEM_CHAIN:      /* NFTA_SET_ELEM_DATA */
+               *data_len = strlen(s->data.chain) + 1;
                return s->data.chain;
        case NFTNL_SET_ELEM_DATA:       /* NFTA_SET_ELEM_DATA */
                *data_len = s->data.len;
                return &s->data.val;
        case NFTNL_SET_ELEM_TIMEOUT:    /* NFTA_SET_ELEM_TIMEOUT */
+               *data_len = sizeof(s->timeout);
                return &s->timeout;
        case NFTNL_SET_ELEM_EXPIRATION: /* NFTA_SET_ELEM_EXPIRATION */
+               *data_len = sizeof(s->expiration);
                return &s->expiration;
        case NFTNL_SET_ELEM_USERDATA:
                *data_len = s->user.len;
                return s->user.data;
        case NFTNL_SET_ELEM_EXPR:
+               *data_len = 0;
                return s->expr;
        }
        return NULL;

diff --git a/src/table.c b/src/table.c
index 966b9234edef8131fef368215e5930d2621d5694..3d4d7b9f63c3b7104683db7debab19f391d78e4c 100644 (file)
--- a/src/table.c
+++ b/src/table.c
@@ -143,6 +143,7 @@ const void *nftnl_table_get_data(const struct nftnl_table *t, uint16_t attr,
 
        switch(attr) {
        case NFTNL_TABLE_NAME:
+               *data_len = strlen(t->name) + 1;
                return t->name;
        case NFTNL_TABLE_FLAGS:
                *data_len = sizeof(uint32_t);

diff --git a/src/trace.c b/src/trace.c
index d8f561dc52787acc33789a51d8db7e0d7d446e00..1a503901fe5902148f85db0c6f55e75d044b8134 100644 (file)
--- a/src/trace.c
+++ b/src/trace.c
@@ -165,13 +165,13 @@ const void *nftnl_trace_get_data(const struct nftnl_trace *trace,
                *data_len = sizeof(uint32_t);
                return &trace->type;
        case NFTNL_TRACE_CHAIN:
-               *data_len = strlen(trace->chain);
+               *data_len = strlen(trace->chain) + 1;
                return trace->chain;
        case NFTNL_TRACE_TABLE:
-               *data_len = strlen(trace->table);
+               *data_len = strlen(trace->table) + 1;
                return trace->table;
        case NFTNL_TRACE_JUMP_TARGET:
-               *data_len = strlen(trace->jump_target);
+               *data_len = strlen(trace->jump_target) + 1;
                return trace->jump_target;
        case NFTNL_TRACE_TRANSPORT_HEADER:
                *data_len = trace->th.len;